wormclaude 1.0.171 → 1.0.173
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands.js +14 -1
- package/dist/theme.js +1 -1
- package/dist/tools.js +2 -2
- package/package.json +1 -1
package/dist/commands.js
CHANGED
|
@@ -273,6 +273,8 @@ function formatFinding(x) {
|
|
|
273
273
|
return `${sev}${tt('missing security headers', 'eksik güvenlik başlıkları')}: ${(x.missing || []).join(', ')}`;
|
|
274
274
|
if (x.type === 'path')
|
|
275
275
|
return `${sev}${tt('path', 'yol')} ${x.url || ''} → ${x.status || ''}`;
|
|
276
|
+
if (x.type === 'info')
|
|
277
|
+
return `${sev}${x.evidence || x.url || 'info'}`;
|
|
276
278
|
if (x.value)
|
|
277
279
|
return `${x.value}`;
|
|
278
280
|
// GENEL: şablon bulguları (ssrf/ssti/lfi/ldap/cmd-injection/nosql/open-redirect/crlf/graphql/cors/exposure…)
|
|
@@ -317,7 +319,7 @@ export function summarizeScan(target, findings) {
|
|
|
317
319
|
if (low.length)
|
|
318
320
|
out.push((L ? `🔵 ${low.length} düşük (minör): ` : `🔵 ${low.length} low (minor): `) + grp(low, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
|
|
319
321
|
if (info.length)
|
|
320
|
-
out.push((L ? `⚪ ${info.length} bilgi
|
|
322
|
+
out.push((L ? `⚪ ${info.length} bilgi: ` : `⚪ ${info.length} info: `) + info.map((f) => (f.evidence || f.type || '').toString().split(' — ')[0]).slice(0, 5).join(' · '));
|
|
321
323
|
// verdict
|
|
322
324
|
if (high.length)
|
|
323
325
|
out.push(L ? `\n➤ Sonuç: ${high.length} GERÇEK yüksek-risk açık — acil düzeltilmeli. Detaylı rapor için: /report`
|
|
@@ -496,6 +498,17 @@ async function fullScanCmd(arg, ctx) {
|
|
|
496
498
|
all.push(...f);
|
|
497
499
|
ctx.note(` ${label}: ${f.length} ${tt('finding(s)', 'bulgu')}`);
|
|
498
500
|
}
|
|
501
|
+
// "Parametreli uç bulunamadı" notlarını TEK mesaja topla (her inject tarayıcı bir tane ekliyor → 12 kopya).
|
|
502
|
+
const _np = all.filter((f) => f.note === 'no_params');
|
|
503
|
+
if (_np.length) {
|
|
504
|
+
for (let i = all.length - 1; i >= 0; i--)
|
|
505
|
+
if (all[i].note === 'no_params')
|
|
506
|
+
all.splice(i, 1);
|
|
507
|
+
if (_np.length >= 2) {
|
|
508
|
+
all.push({ type: 'info', severity: 'info', url: target, note: 'no_params',
|
|
509
|
+
evidence: tt(`${_np.length} injection scanners found NO GET parameter to test — target inputs are likely POST forms / behind login (not covered by GET-based scanning; use a parameterized URL or test manually).`, `${_np.length} enjeksiyon tarayıcısı test edecek GET parametresi BULAMADI — hedefin girdileri muhtemelen POST form / login-arkası (GET taraması kapsamı dışı; parametreli URL ver ya da manuel test et).`) });
|
|
510
|
+
}
|
|
511
|
+
}
|
|
499
512
|
const order = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
|
|
500
513
|
all.sort((a, b) => (order[a.severity] ?? 9) - (order[b.severity] ?? 9));
|
|
501
514
|
setLastScan(target, all); // /report için sakla
|
package/dist/theme.js
CHANGED
package/dist/tools.js
CHANGED
|
@@ -741,8 +741,8 @@ async function execOne(call, hooks) {
|
|
|
741
741
|
const _ck = tool + '|' + target.toLowerCase();
|
|
742
742
|
const _cached = _scanCache.get(_ck);
|
|
743
743
|
if (_cached && Date.now() - _cached.t < 120000) {
|
|
744
|
-
|
|
745
|
-
|
|
744
|
+
// SADECE kısa DUR notu — bulguları TEKRAR verme (yoksa model onları yeniden yazıp tekrar çağırır).
|
|
745
|
+
return { ok: false, args, output: `[ALREADY-SCANNED] "${tool} ${target}" already ran — its findings are ALREADY in the conversation above. STOP: do NOT call SecurityScan again. Reply to the user in TEXT now using those findings. Another scan call is a forbidden loop.` };
|
|
746
746
|
}
|
|
747
747
|
try {
|
|
748
748
|
const { runPentest } = await import('./pentest.js');
|